Author

Topic: Wallet Encryption - Keyfiles are needed! (Read 1122 times)

hero member
Activity: 767
Merit: 500
June 17, 2011, 05:16:20 PM
#6
There's already a pull request adding this... Perhaps discussion should take place in that thread?

 http://forum.bitcoin.org/index.php?topic=8728.0

Will
sr. member
Activity: 312
Merit: 250
Can't we have passphrase and keyfile both be optional?
staff
Activity: 4284
Merit: 8808
The keyfile is mostly a file to help make your password more secure. A lot of people use crappy passwords. If they used the keyfile it would add lot's of random info to the password so if just the wallet is stolen they won't be able to brute force the password unless they also know the keyfile and have a copy. It's what truecrypt can use. 

Strengthening probably addresses this better by making the bruteforce too slow to be effective against all but the dumbest passwords.

Its important to keep in mind that, recent hysteria notwithstanding, the greater risk to most bitcoin users is coin _loss_ not coin theft.  Security measures are important, but if they make you more likely to lose your coins or suffer data corruption then they are probably a net harm to the users overall.

Basic wallet encryption is probably a net gain— widely used it should immunize the whole community against the creation of collection worms somewhat though it will cause some people to lose coins that wouldn't otherwise be lost. I doubt this is true for keyfile boosted encryption.  Moreover, if you want that you can have it externally to bitcoin.
hero member
Activity: 672
Merit: 500
BitLotto - best odds + best payouts + cheat-proof
Maybe not as complicated setup as Truecrypt but I think keyfiles are a must for better security. It would make brute forcing a wallet WAY harder if the attacker doesn't know what file(s) you use as keyfiles. Generating a keyfile would be a nice feature too. Bitcoin would have to remind the user though that the keyfile must be backed up and kept somewhere safe for if you lose the keyfile you can't open the wallet.

Anyone else use keyfiles elsewhere?
I don't know the details of how it would be implemented but couldn't bitcoin read the disk at random intervals (not too often to notice performance change) and access a file or two just to trick malware. That way if there is malware they won't be able to know when the actual keyfile is used?


Aren't you going to need to reveal the keyfile at some point? Finding a way to be safe with malware on your computer is not optimal.

The keyfile is mostly a file to help make your password more secure. A lot of people use crappy passwords. If they used the keyfile it would add lot's of random info to the password so if just the wallet is stolen they won't be able to brute force the password unless they also know the keyfile and have a copy. It's what truecrypt can use. 
legendary
Activity: 1246
Merit: 1016
Strength in numbers
Maybe not as complicated setup as Truecrypt but I think keyfiles are a must for better security. It would make brute forcing a wallet WAY harder if the attacker doesn't know what file(s) you use as keyfiles. Generating a keyfile would be a nice feature too. Bitcoin would have to remind the user though that the keyfile must be backed up and kept somewhere safe for if you lose the keyfile you can't open the wallet.

Anyone else use keyfiles elsewhere?
I don't know the details of how it would be implemented but couldn't bitcoin read the disk at random intervals (not too often to notice performance change) and access a file or two just to trick malware. That way if there is malware they won't be able to know when the actual keyfile is used?


Aren't you going to need to reveal the keyfile at some point? Finding a way to be safe with malware on your computer is not optimal.
hero member
Activity: 672
Merit: 500
BitLotto - best odds + best payouts + cheat-proof
Maybe not as complicated setup as Truecrypt but I think keyfiles are a must for better security. It would make brute forcing a wallet WAY harder if the attacker doesn't know what file(s) you use as keyfiles. Generating a keyfile would be a nice feature too. Bitcoin would have to remind the user though that the keyfile must be backed up and kept somewhere safe for if you lose the keyfile you can't open the wallet.

Anyone else use keyfiles elsewhere?
I don't know the details of how it would be implemented but couldn't bitcoin read the disk at random intervals (not too often to notice performance change) and access a file or two just to trick malware. That way if there is malware they won't be able to know when the actual keyfile is used?
Jump to: